Previous Topic: Event SpecificNext Topic: Types of Events


Result Specific

Field Name

Description

event_result

The result value of the expressed event information. This is normally set to “S” for success or “F” for failure. In some instances there are other options provided (Accepted, Dropped, Rejected) for this field.

result_string

A descriptive string which describes what action is expressed in this event. This field is occasionally provided by the vendor.

result_signature

The signature is the name of the virus or name of the IDS signature that was matched. For other types of events that do not use signature-based matching this field would be blank.

result_code

The return code expressed in the event information. This field is normally populated for failed events.

result_version

The version of signature expressed in the result_signature field.

result_priority

The priority of the expressed event information.

result_scope

The scope of the expressed event information.

result_severity

The severity of the expressed event information.